Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-9701

Incorrect warning msg about localhost access enabled

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.4.3
    • Component/s: Internal Code, Security
    • None
    • Fully Compatible
    • ALL
    • Hide

      conn = startMongod( "--auth",
      "--port",
      27001,
      "--dbpath",
      "/data/db/test",
      "--setParameter",
      "enableLocalhostAuthBypass=0");

      var testDB = conn.getDB('test');
      testDB.foo.insert(

      {b:1}

      );
      print(tojson(testDB.foo.findOne()));

      This will print the warning while still disallowing the insert and find.

      Show
      conn = startMongod( "--auth", "--port", 27001, "--dbpath", "/data/db/test", "--setParameter", "enableLocalhostAuthBypass=0"); var testDB = conn.getDB('test'); testDB.foo.insert( {b:1} ); print(tojson(testDB.foo.findOne())); This will print the warning while still disallowing the insert and find.
    • Security E (01/01/16)

      When disabling the localhost authentication exception the server still prints the warning:

      "note: no users configured in admin.system.users, allowing localhost access"

            Assignee:
            rahul.dhodapkar Rahul Dhodapkar
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: